Re: heads-up: 38 cleanup-maint patches

[Jim Meyering]

On Mon, Dec 1, 2014 at 8:54 AM, Jose E. Marchesi <address@hidden> wrote:
>
>     Re continuing to distribute gzip-compressed tarballs,
>     I have to ask "Why?"
>
> My only concern is breaking backwards compatibility in the distribution.
> Failing to provide .gz tarballs at the usual location _will_ break a
> good number of scripts, documents and protocols all around, creating
> inconveniences for many users.
>
> I don't feel particularly sanguine about it (xz rocks) but I don't
> really think the potential inconveniences are worth the benefits of
> distributing xz _only_.

While gzip use may be ok, in general, I have been sufficiently exposed
to its internals, and recall too well the massive amount of fall-out from
those CVEs, that I have no qualms about any such minor inconvenience.
Weaning users off of gzip is to avoid the risk/impact (however small) of
a future gzip CVE. People have adapted just fine to downloading
and unpacking coreutils and grep's .tar.xz files for years.
What makes sed different?